There is often a need to communicate a message in secret over a channel which can potentially be intercepted by an eavesdropper. Traditionally, such a problem has been addressed by encrypting or enciphering the message using a secret key. The most secure classical encryption schemes generally take one of two forms. The most secure of all is a one-time pad since it cannot be decrypted mathematically. The cipher text is independent of the plain text. In a typical example of the one-time pad, each letter of the message is randomly encoded as another letter independent of whether the letter has already been used. Such an encryption key is preferably only used once. The weak link in such a scheme is that the transmitter of the message must find some way of securely sending the key to the receiver. Previous methods have relied on the use of trusted couriers, but this is obviously not practical in many cases. Other high security methods, such as DES and public key encryption methods such as RSA rely on the difficulty of finding the key and decrypting the message for their security. In these methods the eavesdropper has to try all possible ways to decrypt the message—a process which is too time consuming (or expensive to do). Quantum computers will be able to find the keys much more quickly. In DES, the sender and receiver also share a secret key. Therefore DES also suffers from the problem of how to communicate the key securely.
Quantum communication has gone a long way to addressing the problem of sending such a key. By encoding the key on a series of single photons, where each photon carries 1 bit of information encoded as quantum state of the photon e.g. polarisation, phase or energy/time of the photon an eavesdropper cannot intercept the key without at least partially changing the key. It is not possible to prevent an eavesdropper from obtaining the key, but he or she will be detected.
At present, there are two main protocols for communicating the key using single photons, these are BB84 (Bennett et al. Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing, Bangalore, India (IEEE, New York 1984) p 175) and B92 (Bennett, Phys Rev. Lett, 68 3121 (1992)).
In BB84, the bit state 0 or 1 is encoded onto a quantum state of the photon, each bit (1 or 0) is doubly defined, this is done by using two bases each with 2 orthogonal states. One of the states in each basis codes for 0; the other codes for 1. The two states in each basis are orthogonal. The two bases are not orthogonal, therefore the states from one basis are not orthogonal to the states in the other basis. For example, for polarisation encoding one basis may be defined by vertical and horizontal basis states and the other basis is defined by two polarisation basis states at 45° to these states, i.e. at 45° and 135°, such that each polarisation state is orthogonal to the other state of the same basis.
The polarisation of each photon transmitted from sender to receiver is chosen to be in one of the four basis states. The polarisation for each photon is randomly chosen by the sender. The receiver measures the polarisation of each photon randomly switching between measurement basis.
When the receiver uses the same basis as a of the transmitter, the receiver should be able to measure the polarisation with a theoretical accuracy of 100%. However, since the states from the two bases are not orthogonal, and the overlap integral is a ½ (if the bases are offset by 45°), if the receiver uses the wrong basis, he has only a 50% chance of correctly measuring the polarisation, and a 50% chance of getting the wrong answer.
After the whole key has been sent, the receiver and transmitter will then communicate with one another over a classical (unjammable) channel. The receiver then tells the sender which measurement basis he used. The sender then tells the receiver which results to keep The results from any photon measured using an incorrect basis are then discarded. This means that, typically, the results from half of the measured photons will be discarded.
Generally, the transmitter is referred to as Alice, the receiver as Bob and an eavesdropper as Eve.
Eve listening into the signal could intercept some or all of the photons. Like Bob, she will not know which basis to use to measure the signals, so she may also randomly switch her measuring bases and will, on average, select the correct basis half of the time. If she intercepts a photon to make a measurement of its state, e.g. its polarisation, then she will destroy the photon. Therefore, to cover her tracks, she generates another photon with the polarisation and the basis in which she has just measured.
Thus, since on average, she will also be using the incorrect basis half the time, and therefore getting the wrong answer for the bit state a quarter of the time. Thus, she will send onto Bob photons in the polarisation in the wrong basis half the time, i.e. half the photons she transmits will be polarised in the wrong basis. This will result in errors for Bob. Assuming that she has intercepted all of the photons, she will have read half of them using the wrong basis and only stands a 50% chance of getting this half of the key correct. Thus, although Bob knows, after communicating with Alice, which measurements be made in the correct basis, one quarter of the results he keeps, and hence a quarter of the key will be wrong. This error can be checked for if Alice and Bob compare a part of key.
B92 will also be described using polarisation. However, phase of the photon can also be used here as well. In B92, each photon is sent having one of two distinct, non-orthogonal polarisation states where each state is a basis state from a pair of bases which are not orthogonal to one another. The receiver measures each of the transmitted photons randomly switching between one of two operators. The first of these two operators will annihilate the second of the two distinct non-orthogonal polarisation states. In other words, the first operator measures in the same basis as the second state.
The second of the operators will annihilate the first of the polarisaton states, as it is configured to measure in the same basis as the first polarisation state.
For example, if the state is a vertically polarised state en the second operator is a measurement of a horizontally polarised state. If the second state is oriented at 45° to the first state, then the first operator is a measurement of the state orthogonal to the second state, at 135°.
The transmitter and receiver then communicate and they discard the results where a positive result was not obtained. A positive result will only be obtained when the incorrect measuring basis was used. The choice of basis used to measure the polarisation is not disclosed in any of the communications. The code is established by assigning a ‘0’ to one basis and a ‘1’ bit to the other basis. As for BB84, an eavesdropper will need to determine the polarisation of the intercepted photons and resend these to the receiver. There will be an error in the polarisation of the photons generated by Eve and this will again manifest itself as an error in the key established by Bob.
Although the above description has concentrated on the use of polarisation, it is also possible to use orthogonal phase states to encode the key.
The transmitted photons need to have a fixed polarisation, phase or energy, this can be done by generating the photons with a predetermined polarisation or by using an entangled polarisation stat technique, where the transmitter measures one photon of a pair of polarisation entangled or phase entangled or polarisation and phase entangled photons. Measuring the polarisation and/or phase of one of the entangled photons fixes the polarisation and/or phase of the other photon on route to the receiver. The generation of entangled photon pairs are described in Tittel et al, Phys. Rev. Letter 84, 4737 (2000).
In both BB84 and B92, if N photons are transmitted, then the results from N/2 photons will have to be discarded as these will have been measured using the wrong basis. Statistically about N/4 of the established key will be wrong if there is an eavesdropper eavesdropping every bit, in which case, the eavesdropper knows 50% of the key exactly, statistically the eavesdropper will know 75% of the key correctly.